一、 漏洞 CVE-2025-1768 基础信息
漏洞标题
Squirrly SEO 插件<= 12.4.05 版本存在经认证的(search参数)SQL注入漏洞
来源:AIGC 神龙大模型
漏洞描述信息
Squirrly SEO 插件在 WordPress 中存在盲 SQL 注入漏洞。该漏洞影响所有版本,包括 12.4.05 及其之前版本。由于用户提供的参数未进行充分转义,并且现有 SQL 查询的预处理不够充分,导致攻击者可以通过 "search" 参数注入附加的 SQL 查询。具有订阅者级别及以上权限的认证攻击者可以利用此漏洞从数据库中提取敏感信息。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
来源:AIGC 神龙大模型
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
来源:AIGC 神龙大模型
漏洞标题
SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter
来源:美国国家漏洞数据库 NVD
漏洞描述信息
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2025-1768 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2025-1768 的情报信息

  • 标题: SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter -- 🔗来源链接

    标签:

    SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter

  • 标题: Snippet.php in squirrly-seo/trunk/models – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Snippet.php in squirrly-seo/trunk/models – WordPress Plugin Repository

  • 标题: Snippet.php in squirrly-seo/trunk/models – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Snippet.php in squirrly-seo/trunk/models – WordPress Plugin Repository

  • 标题: Onboarding.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Onboarding.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: Assistant.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Assistant.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: Audits.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Audits.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: BulkSeo.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    BulkSeo.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: FocusPages.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    FocusPages.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: Post.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Post.php in squirrly-seo/trunk/controllers – WordPress Plugin Repository

  • 标题: SEO Plugin by Squirrly SEO – WordPress plugin | WordPress.org -- 🔗来源链接

    标签:

    SEO Plugin by Squirrly SEO – WordPress plugin | WordPress.org

  • 标题: Changeset 3248412 – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Changeset 3248412 – WordPress Plugin Repository

  • 标题: Changeset 3250395 – WordPress Plugin Repository -- 🔗来源链接

    标签:

    Changeset 3250395 – WordPress Plugin Repository
  • https://nvd.nist.gov/vuln/detail/CVE-2025-1768